If you don't find your problem listed below, please submit a bug report to ssh-bugs@clinet.fi giving full details of
uname -a), and the output of config.guess.
config.log (generated by configure)
ssh -v
sshd -d
ftp://ftp.cs.hut.fi/pub/ssh/snapshots/ before reporting any bug.
No, it doesn't. Use "ssh -f otherhost xclient" instead, or "ssh -n otherhost xclient &" if you want a script to be compatible with rsh.
For Solaris 2.4, this is a kernel bug. Get the patch 101945-37 to fix it. Please note that at least one earlier version, 101945-36, seems to have reintroduced the bug.
If you experience the same problem with Solaris 2.5.1, upgrade to ssh 1.2.14 or later, which should have solved the problem.
This is a problem with the Solaris shared library code, which causes a hang with some name server functions.
Get Patch 103187-02 (for x86, 103188-02) to fix this. This problem may or may not be fixed in Solaris 2.5.1.
You need to set the hostname to the fully qualified domain name for this to work. Some Linux distributions set the hostname to the first part of the FQDN only.
Check whether gethostbyname() really returns the complete list of possible IP addresses (you might, for example, have your system configured to search /etc/hosts first, which might contain only one of the IP addresses).
This is a bug in AIX 3.2.5, reported as APAR IX38941, and fixed by patches U435001, U427862, U426915, and a few others. Contact your IBM representative for details.
For Alpha OSF/1 1.3.2, this is due to a bug in the vendor-supplied compiler with maximum optimization.
Turn off all optimization for ssh-keygen, or use gcc. Gcc 2.7.2 is known to have problems on the Alpha, however.
This is a bug in gcc 2.7.0, which causes it to generate incorrect code without optimization. Supply the "-O" or "-O -g" options to gcc when compiling. Alternatively, upgrade to gcc 2.7.2.
This is an incorrectly configured Linux system; do a "cd /usr/lib; ln -s libc.sa libg.sa" as root to remedy this.
This is believed to be a bug in HP-UX 9 xauth, SR 5003209619. Patch PHSS_5568 is believed to fix this problem.
If this occurs for any other platform, please mail details to ssh-bugs@clinet.fi.
There are several possibilities why this could be the case; common ones include
~/.rhosts is world or group-writable (see StrictModes server configuration option).
~/.rhosts and your home directory may need to be world-readable.
~/.rhosts or ~/.shosts; /etc/shosts.equiv and /etc/hosts.equiv are disregarded for root.
RhostsRSAAuthentication is a functional replacement for the 'r' utilities; this requires the ssh program to be setuid root, a secret key in /etc/host_key file on the client, a corresponding public key entry in /etc/ssh_known_hosts, plus entries in ~/.[sr]hosts or /etc/[s]hosts.equiv.
RSAAuthentication is done on a per-user basis and requires a ~/.ssh/identity file on the client side (to be generated with ssh-keygen), plus a matching ~/.ssh/authorized_keys on the server side.
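A way to check the conditions listed above on a given home directory: a group- or world-writable ~/.rhosts or ~/.shosts, and the per-user files that RSAAuthentication needs. This is an added example, not part of the FAQ or the ssh distribution; the function names are hypothetical and the demo home directory is constructed in a temporary directory.

```shell
#!/bin/sh
# Added example: audit rhosts-style file modes and RSAAuthentication files.

# True if $1 exists and has the group or other write bit set.
# POSIX find -perm is used so no particular stat(1) syntax is required.
loosely_writable() {
    [ -e "$1" ] || return 1
    [ -n "$(find -H "$1" -prune \( -perm -020 -o -perm -002 \) -print 2>/dev/null)" ]
}

# Server side: print one WRITABLE line per offending file under home $1.
# The return status is the number of findings (0 = clean).
audit_rhosts_modes() {
    _n=0
    for _f in "$1/.rhosts" "$1/.shosts"; do
        if loosely_writable "$_f"; then
            echo "WRITABLE $_f"
            _n=$((_n + 1))
        fi
    done
    return "$_n"
}

# Report the per-user RSAAuthentication file missing under home $1.
# $2 selects the side: client needs .ssh/identity, server .ssh/authorized_keys.
rsa_auth_missing() {
    case $2 in
        client) _want=".ssh/identity" ;;
        server) _want=".ssh/authorized_keys" ;;
        *) echo "usage: rsa_auth_missing HOME client|server" >&2; return 2 ;;
    esac
    [ -f "$1/$_want" ] && return 0
    echo "MISSING $1/$_want"
    return 1
}

# Constructed demo home; nothing outside the temporary directory is touched.
demo() {
    _h=$(mktemp -d) || return 1
    : > "$_h/.rhosts"; chmod 664 "$_h/.rhosts"   # group-writable: flagged
    : > "$_h/.shosts"; chmod 600 "$_h/.shosts"   # owner-only: accepted
    audit_rhosts_modes "$_h" || echo "findings: $?"
    rsa_auth_missing "$_h" server || true
    rm -rf "$_h"
}
demo
```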
This is a configuration problem.
Ssh attempts to fall back to the "r" commands when it cannot connect to an ssh daemon on the remote host. It does this by execing your old rsh to use the old protocol.
There are two possibilities why this could be:
--with-rsh=PATH option to configure the second time. When ssh is looking for rsh, it keeps executing itself (or an older version of itself). To solve this, recompile ssh with the correct place for rsh.
In that case, you might want to move the old rsh and rlogin binaries into /usr/old, patch the old rsh binary by running the Perl script
perl -pi.orig -e 's+/usr/(bin|ucb)/rlogin+/usr/old/rlogin+g ;' /usr/old/rsh
which will generate a patched version of rsh and save the old one in /usr/old/rsh.orig.
Reconfigure ssh with --with-rsh=/usr/old/rsh.
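A check to run after the patch step above, as an added example that is not part of the FAQ: the substitution is safe on a binary because /usr/bin/rlogin, /usr/ucb/rlogin and /usr/old/rlogin all have the same length, so the patched file must keep its size. The function names are hypothetical, and the demo files are constructed stand-ins rather than real rsh binaries.

```shell
#!/bin/sh
# Added example: verify a patched rsh and detect an rsh path that is really ssh.

# Succeeds only if the patched file kept its size, no longer mentions the old
# rlogin locations, and does mention /usr/old/rlogin.
verify_rsh_patch() {
    _orig=$1; _new=$2
    if [ ! -f "$_orig" ] || [ ! -f "$_new" ]; then
        echo "missing file"; return 2
    fi
    _so=$(( $(wc -c < "$_orig") )); _sn=$(( $(wc -c < "$_new") ))
    if [ "$_so" -ne "$_sn" ]; then
        echo "size changed: $_so -> $_sn"; return 1
    fi
    if LC_ALL=C grep -q -e '/usr/bin/rlogin' -e '/usr/ucb/rlogin' "$_new"; then
        echo "old rlogin path still present"; return 1
    fi
    if ! LC_ALL=C grep -q '/usr/old/rlogin' "$_new"; then
        echo "patched path not found"; return 1
    fi
    echo "ok"
}

# Status 0 if the rsh candidate ($1) is byte-identical to ssh ($2), in which
# case the fallback would execute ssh again instead of a real rsh.
rsh_is_ssh() {
    cmp -s "$1" "$2"
}

# Constructed demo files in a temporary directory.
demo() {
    _d=$(mktemp -d) || return 1
    printf 'HDR\0/usr/ucb/rlogin\0TAIL\n' > "$_d/rsh.orig"   # before patching
    printf 'HDR\0/usr/old/rlogin\0TAIL\n' > "$_d/rsh"        # after patching
    verify_rsh_patch "$_d/rsh.orig" "$_d/rsh"
    cp "$_d/rsh" "$_d/ssh"
    rsh_is_ssh "$_d/rsh" "$_d/ssh" && echo "rsh path is a copy of ssh"
    rm -rf "$_d"
}
demo
```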
rxvt closes all file descriptors when starting up, including the one used by ssh-agent. Use xterm, or look at the mailing list archives at http://www.cs.hut.fi/ssh/ssh-archive/ for Timo Rinne's rxvt patch.
This can happen if the xauth program was not found at configure time. Correct the path, reconfigure and recompile.
This is due to a known race condition in the ssh protocol before 1.2.13.
Some changes have been made to the protocol in 1.2.14 to prevent this. Unfortunately, these changes may also cause hangs when using TCP forwarding between 1.2.14 and earlier versions. In these cases, an upgrade to 1.2.14 or later at both ends is recommended.
Either the remote end has disabled X11 forwarding (ForwardX11 No in the config file), or either the xauth command or the X11 libraries were not found when compiling the server.
It is very likely that you are looking at a telnet, rlogin or X session to the machine that you run ssh on. Check that those packets really are ssh packets (for example by checking their port number; sshd listens on port 22).
This is a limitation in the RSAREF library. You should set a host key with at most 896 bits.
For several operating systems there were bugs in the gmp assembler routines. Try
make distclean
configure --disable-asm
to compile.
Set the CPP environment variable to "cc -E -Xs" before running configure.
This is a problem which has been reported by several people for SunOS 4, Solaris 2, Linux, and HP-UX 9 and 10, with 1.2.16 and 1.2.17. It happens with scp, when transferring large amounts of data via ssh's stdin, or when forwarding an X connection which receives a large amount of graphics data (such as an MPEG movie).
Try applying the following patch to 1.2.16 or 1.2.17 for a fix. The fix is included in 1.2.18 or later.
--- serverloop.c.orig Tue Jan 21 14:38:25 1997 +++ serverloop.c. Tue Jan 21 14:37:54 1997 @@ -405,7 +405,7 @@ buffer_len(&stdin_buffer)); if (len <= 0) { - if (errno != EWOULDBLOCK) + if ((errno != EWOULDBLOCK) && (errno != EAGAIN)) { if (fdin == fdout) shutdown(fdin, 1); /* We will no longer send. */
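Review bot: In the "if (len <= 0)" branch, the new test "(errno != EWOULDBLOCK) && (errno != EAGAIN)" is also reached when len is 0, where the preceding call has not set errno and the comparison reads whatever an earlier call left behind. Split the two cases: treat len < 0 with errno equal to EWOULDBLOCK or EAGAIN as a retry, and handle len == 0 without consulting errno. EINTR is a third transient value worth excluding at the same spot, so that an interrupted call does not fall through to "shutdown(fdin, 1)".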
When a client connects, sshd forks a child that does the protocol handling, and this child forks a second child for the user shell or command. The problem is that the setuid() call to the correct user appears only in the second child, so the first child keeps running as root.
Among other potential problems this means that connections redirected with -Lx:host:port will be made from the root uid to host:port, since the first child does them. This means that when the target host does an ident query, it gets back only "root" and no indication of the actual user.
This has been reported as a bug; it is not known whether this will be fixed in a future release.